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DETAILED ACTION 

1. Claims 1-39 have been examined. 

Claim Rejections - 35 USC § 101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

3. Claims 29-39 are rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. 

4. Claim 29 is directed to a method of protecting a distributed application user. The 
examiner respectfully asserts that the claim method does not fall within the statutory classes 
listed in 35 USC 101. The claim method is functional descriptive material stored on a medium 
(i.e., software/program). Claim 29 is rejected as being functional descriptive material. Claims 
30-39 depend form claim 29 and are rejected under the same rationale. Examiner suggest 
amending the preamble to recite, "A computer program product stored on a computer readable 
medium ..." 

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

6. Claims 1-39 are rejected under 35 U.S.C. 102(b) as being anticipated by Levergood et 
al. US 5,708,780 (hereinafter Levergood). 
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7. As per claims 1, 3, 8-11, 18, 20, 24, 26-29, 31 and 35, Levergood teaches A method for 
protecting a distributed application user, comprising: 

providing a distributed application on a server (i.e., web-pages on a server) [column 5, 
lines 17-41]; 

authenticating a user of the distributed application [column 5, lines 41-50 and column 6, 
lines 27-50]; 

determining, on the server, a security value for the authenticated user (i.e., SID is 
generated for an authenticated user) [column 5, lines 41-64 and column 6, lines 53-column 7, 
line 13]; 

associating the security value with a set of uniform resource locators (URLs) 
corresponding to a set of commands of the distributed application [column 5, line 49-column 6, 
line 4 and column 7, lines 14-31]; 

communicating the security value to a client operated by the authenticated user [column 

5, line 49-column 6, line 4 and column 7, lines 14-31]; 

receiving one of the set of URLs on the server from the client [column 5, line 64-column 

6, line 16 and column 7, lines 14-21]; and 

checking the one URL for the security value (i.e., check if SID is attached to the URL) 
[column 5, lines 41-49 and column 6, line 65-column 6, lines 26 and column 7, lines 35-47]. 

8. As per claims 2, 12, 19 and 30, Levergood further teaches the method further 
comprising returning an error message to the user if the security value is not found with the one 
command (i.e., if not SID is detected with the URL, redirecting it back to the client, column 5, 
lines 46-50 and column 7, lines 41-49). 
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9. As per claims 4, 21 and 32, Levergood further teaches the method wherein the security 
value is a pseudo-random number (i.e., session identifier including user identifier, column 3, 
lines 34-41). 

10. As per claims 5, 17, 22 and 33, Levergood further teaches the method further 
comprising storing the security value on the server [column 6, lines 5-23]. 

11. As per claims 6, 13, 23 and 34, Levergood further teaches the method further 
comprising: associating the security value with session information corresponding to the 
authenticated user, and communicating the session information and the security value to the 
authenticated user [column 6, lines 5-23 and column 7, lines 14-21]. 

12. As per claims 7, 25 and 36, Levergood further teaches the method wherein the 
authenticated user operates a client that communicates with the server [column 6, lines 22-26]. 

13. As per claims 14 and 37, Levergood further teaches the method wherein the associating 
step comprises appending the security value to a set of URLs corresponding to a set of 
commands of the distributed application [column 5, line 49-column 6, line 4 and column 7, lines 
14-31]. 

14. As per claims 15 and 38, Levergood further teaches the method wherein the one URL is 
pre-constructed on the server, and wherein client receives the one URL and the associated 
security value from the server [column 7, lines 14-33]. 
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15. As per claims 16 and 39, Levergood further teaches the method wherein the one URL is 
constructed on the client, and wherein the associating step comprises, extracting the security 
value on the client, and appending the security value to the one URL [column 5, lines52-65]. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. See PTO Form 892. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Beemnet W. Dada whose telephone number is (571) 272-3847. The 
examiner can normally be reached on Monday - Friday (9:00 am - 5:30 pm). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Beemnet Dada /L<f 
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SUPERVISORY PATENT EXAMINER 
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